Problem with disabled firewall service – Windows Server 2008 R2
In the last couple of weeks some of our customers repeatedly had strange problems with a disabled firewall service.
Do not disable the service of Windows Firewall. Better switch the “Firewall state” to off instead.
Index
Deactivated Windows Firewall service
I had to realize that you should better not deactivate the service on a Windows Server 2008 R2 because it causes problems with applications and features.
And these do not necessarily show immediately.
Some applications that may cause trouble:
- Failover Clustering
- LDAPs
- Lync
- Advanced Group Policy Management
- …..
Completely disable firewall – not only the service
If you want to deactivate the internal ‘Windows Firewall’, do not simply “deactivate” the service.
Instead, switch the ‘Firewall state’ to ‘Off’ for the respective firewall profiles (see screenshot).
Microsoft explains the issues in the guide “Step-by-Step Guide: Deploying Windows Firewall an IPSec Policies” as follows:
Caution: Do not disable the firewall by stopping the Windows Firewall (MpsSvc) service. Because the Windows Firewall service also implements Windows Service Hardening, which provides additional protections for other Windows services, Microsoft does not support disabling the Windows Firewall service. Instead, use the interface shown here in the Windows Firewall with Advances Security MMC snap-in.
Download the Step-by-Step Guide: Deploying Windows Firewall and IPSec Policies
Leave a Reply
<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>